microk8s nodeport exposed service refuses connection

Question

On my server in microk8s I created an kubernetes service which is exposed via NodePort, but it refuses the connection. I am not sure why. No matter if I try to telnet to the NodePort port (31000), it always refuses the connection. Similar service is provided by microk8s addon (registry) which is listening on port 32000. Telneting to this port from the host itself as from outside works fine. No firewall is runnig, ufw is disabled.

This is the service:

apiVersion: v1
kind: Service
metadata:
  namespace: openvpn
  name: openvpn
  labels:
    app: openvpn
spec:
  selector:
    app: openvpn
  type: NodePort
  ports:
    - name: openvpn
      nodePort: 31000
      port: 1194
      targetPort: 1194
status:
  loadBalancer: {}

This is my deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: openvpn
  name: openvpn
  labels:
    app: openvpn
spec:
  replicas: 1
  selector:
    matchLabels:
      app: openvpn
  template:
    metadata:
      labels:
        app: openvpn
    spec:
      containers:
      - image: private.registry.com/myovpn:1
        name: openvpn-server
        imagePullPolicy: Always
        ports:
        - containerPort: 1194
        securityContext:
          capabilities:
            add:
              - NET_ADMIN

This is the created service:

NAME      TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
openvpn   NodePort   10.152.183.80   <none>        1194:31000/UDP   9m19s

And this is its description:

Name:                     openvpn
Namespace:                openvpn
Labels:                   app=openvpn
                          app.kubernetes.io/managed-by=Helm
Annotations:              meta.helm.sh/release-name: openvpn
                          meta.helm.sh/release-namespace: openvpn
Selector:                 app=openvpn
Type:                     NodePort
IP Families:              <none>
IP:                       10.152.183.80
IPs:                      10.152.183.80
Port:                     openvpn  1194/UDP
TargetPort:               1194/TCP
NodePort:                 openvpn  31000/UDP
Endpoints:                10.1.246.217:1194
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

The endpoint is present:

NAME      ENDPOINTS           AGE
openvpn   10.1.246.228:1194   110m

get nodes - owide output:

NAME       STATUS   ROLES    AGE   VERSION                     INTERNAL-IP      EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION     CONTAINER-RUNTIME
hostname   Ready    <none>   24d   v1.20.7-34+df7df22a741dbc   194.xxx.xxx.xxx  <none>        Ubuntu 20.04.2 LTS   5.4.0-73-generic   containerd://1.3.7

The Dockerfile is mega simple. Just basics:

FROM alpine:3

ENV HOST=""
RUN apk add openvpn
RUN mkdir -p /opt/openvpn/sec

COPY ./run.sh /opt/openvpn
RUN chmod +x /opt/openvpn/run.sh

COPY ./openvpn.conf /opt/openvpn
COPY ./sec/srv.key /opt/openvpn/sec
COPY ./sec/srv.crt /opt/openvpn/sec
COPY ./sec/ca.crt /opt/openvpn/sec
COPY ./sec/dh2048.pem /opt/openvpn/sec

ENTRYPOINT ["/bin/sh", "/opt/openvpn/run.sh"]

And the run script:

#!/bin/sh
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
openvpn --config /opt/openvpn/openvpn.conf --local 0.0.0.0

Nothing special. Any ideas why it does not work?